Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to the Power Users community on Codidact!

Power Users is a Q&A site for questions about the usage of computer software and hardware. We are still a small site and would like to grow, so please consider joining our community. We are looking forward to your questions and answers; they are the building blocks of a repository of knowledge we are building together.

Post History

60%
+1 −0
Q&A Does changing a port address (number) necessates port forwarding?

When the ssh daemon starts up, it reads the config file for the interfaces it should bind to (listen on) and the port number(s). The default interface is "all" and the default port number is 22. T...

posted 3y ago by dsr‭

Answer
#1: Initial revision by user avatar dsr‭ · 2021-06-23T02:01:02Z (almost 3 years ago) 
When the ssh daemon starts up, it reads the config file for the interfaces it should bind to (listen on) and the port number(s). The default interface is "all" and the default port number is 22.

The number was applied for and assigned as a well-known port number. On many systems, there is a file /etc/services or similar which lists port numbers and  human readable names which can be used as substitutes.

If the port number is under 1024, traditional systems require root privilege. This is an anti-impersonation feature, so that these low port numbers are answered by the system's official daemons rather than any user who happened to claim it first.

Many administrators choose to run ssh on a port other than 22 because it is a target for scanning that can produce lots of log traffic. Changing the port number is not a significant security measure, but it can reduce the log traffic.

The port number that a daemon is listening to is the port number that must be specified by a client trying to communicate with it. Port forwarding is a duplication arranged by another daemon, so that a client can talk to a specific port (say, 22) but the underlying daemon can be listening on some other port (generally above 1024). That concentrates the root privilege to the duplicating daemon and may mean that the underlying daemon does not need root privilege.